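I decompiled an iOS application and saw the private key and the method used to encrypt the strings. I used Charles to capture the data and got a string like this: Charles package data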
/random1/名称/BQPnTF9MX8A3FbV1V5jtFozQnSkNtBK5AFJyTnzBJZgFkXIZyWlvxd3LzH6eIQznMLW7U8V3M5FDU9j9zGrkajIc5VjqIS1q8Sy+L9tLPE51aIy0xlKVlRgqjWGe0HGUBBAtlTk+rOZEeR/+TODnEN79mYtgWTNpscRr9dy6DoWw7wvE7MiLIibdCjQ4PbcFQ/EpvIjgWOzCorbobYbEUoI/AW== HTTP/1.1
Then I looked at the iOS code and saw their method: deassembler
So I wrote a PHP server to decode this encrypted string:
require __DIR__ . '/../autoload.php';
$password = "e12d33re";
$base64Encrypted = "BQN7evDaWMlRXiOOeCEIkL6+3K2dLRKv/e9tYTxrSVMTojf6gMPL7hW7gfuYHt622CIlfon5vsGpv9ykM6WbbMPdH7Q56lcbRPA2KO9aquYR5fM8e0fGGb7AQzPs3G0CJAAYG0E9i8cG1VH3uVP6VWjK5LkpRuUOk8QuoG1j3eP0fUZVY8RSjKyFZpbLlDIrANg4T5DmkigVTEN82QYCbLv2Iw==";
$cryptor = new \RNCryptor\Decryptor();
$plaintext = $cryptor->decrypt($base64Encrypted, $password);
echo "Base64 Encrypted:\n$base64Encrypted\n\n";
echo "Plaintext:\n$plaintext\n\n";
But I can't decrypt it.
I checked its version through code and saw that it is version 5:
$base64Encrypted = "BQN7evDaWMlRXiOOeCEIkL6+3K2dLRKv/e9tYTxrSVMTojf6gMPL7hW7gfuYHt622CIlfon5vsGpv9ykM6WbbMPdH7Q56lcbRPA2KO9aquYR5fM8e0fGGb7AQzPs3G0CJAAYG0E9i8cG1VH3uVP6VWjK5LkpRuUOk8QuoG1j3eP0fUZVY8RSjKyFZpbLlDIrANg4T5DmkigVTEN82QYCbLv2Iw==";
$actualVersion = ord(substr(base64_decode($base64Encrypted), 0, 1));
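I saw the rncryptor lib in the iOS binary.
First image: I decrypted it successfully with the private key (they encrypted the v4 string with RNCryptor) http://i.stack.imgur.com/Kq5m1.png
Second image: they encrypted using an unknown method, but it is 100% certainly rncryptor (they don't encrypt the v4 string) http://i.stack.imgur.com/NfScg.png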
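The version-byte check in the question, extended into a header inspection. This is an added example, not part of the original post and not code from the RNCryptor project. It assumes the published RNCryptor v3 layout; the function name `inspectRncryptorBlob` and both sample messages are constructed for illustration.

```php
<?php
// Added example. Layout assumed (RNCryptor v3):
//   version(1) | options(1) | [encSalt(8) | hmacSalt(8)] | IV(16) | ciphertext | HMAC(32)
// The two salts are present only when options bit 0 (password-based) is set.

function inspectRncryptorBlob(string $base64): array
{
    // Strict mode returns false on characters outside the base64 alphabet.
    $raw = base64_decode($base64, true);
    if ($raw === false || strlen($raw) < 2) {
        return ['ok' => false, 'reason' => 'not base64, or shorter than 2 bytes'];
    }
    $info = ['version' => ord($raw[0]), 'options' => ord($raw[1]), 'length' => strlen($raw)];
    if ($info['version'] !== 3) {
        // Do not guess offsets for a layout this parser does not know.
        return $info + ['ok' => false, 'reason' => 'version byte is not 3'];
    }
    $usesPassword = ($info['options'] & 0x01) === 0x01;
    $headerLen = $usesPassword ? 34 : 18;
    $bodyLen = strlen($raw) - $headerLen - 32;
    // AES-CBC with PKCS#7 padding: at least one block, whole blocks only.
    if ($bodyLen < 16 || $bodyLen % 16 !== 0) {
        return $info + ['ok' => false, 'reason' => 'ciphertext length does not fit the v3 layout'];
    }
    $offset = 2;
    if ($usesPassword) {
        $info['encSalt'] = bin2hex(substr($raw, 2, 8));
        $info['hmacSalt'] = bin2hex(substr($raw, 10, 8));
        $offset = 18;
    }
    $info['iv'] = bin2hex(substr($raw, $offset, 16));
    $info['ciphertextLength'] = $bodyLen;
    $info['hmac'] = bin2hex(substr($raw, -32));
    return $info + ['ok' => true];
}

// Constructed sample messages (filler bytes, not real ciphertext).
$v3 = base64_encode("\x03\x01" . str_repeat("\xAA", 8) . str_repeat("\xBB", 8)
    . str_repeat("\xCC", 16) . str_repeat("\x00", 32) . str_repeat("\xDD", 32));
$v5 = base64_encode("\x05\x03" . str_repeat("\x11", 96));

foreach (['constructed v3' => $v3, 'constructed version-5 byte' => $v5] as $label => $blob) {
    echo $label, ":\n", json_encode(inspectRncryptorBlob($blob), JSON_PRETTY_PRINT), "\n\n";
}
```

For the second sample the function reports the version and options bytes and stops, since the field offsets of a layout it does not know cannot be assumed.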